Transparent Tribe: Evolution analysis, part 1 | Securelist
Tags
| country: | Afghanistan India |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Graphical User Interface - T1061 Graphical User Interface |
Common Information
| Type | Value |
|---|---|
| UUID | a6455c10-30a9-4684-bbc1-71cd97855993 |
| Fingerprint | 95b8be7abda5aed1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 20, 2020, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Transparent Tribe: Evolution analysis, part 1 |
| Title | Transparent Tribe: Evolution analysis, part 1 | Securelist |
| Detected Hints/Tags/Attributes | 83/3/38 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/transparent-tribe-part-1/98127/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | md5 | 1 | 140D0169E302F5B5FB4BB3633D09B48F |
|
| Details | md5 | 1 | 9DD4A62FE9513E925EF6B6D795B85806 |
|
| Details | md5 | 1 | 1ED98F70F618097B06E6714269E2A76F |
|
| Details | md5 | 1 | F219B1CDE498F0A02315F69587960A18 |
|
| Details | IPv4 | 3 | 64.188.25.206 |
|
| Details | IPv4 | 4 | 173.212.192.229 |
|
| Details | IPv4 | 2 | 45.77.246.69 |
|
| Details | IPv4 | 3 | 173.249.22.30 |
|
| Details | Url | 1 | https://kas.pr/1gk9 |
|
| Details | Url | 3 | http://ip-api.com/xml |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Domain | 3 | kas.pr |
|
| Details | Domain | 95 | ip-api.com |
|
| Details | Domain | 1 | tbvrarthsa.zip |
|
| Details | Domain | 338 | kaspersky.com |
|
| Details | Domain | 1 | ulhtagnias.zip |
|
| Details | Domain | 1 | newsbizupdates.net |
|
| Details | Domain | 1 | uronlinestores.net |
|
| Details | 147 | intelreports@kaspersky.com |
||
| Details | File | 1 | rfaiwaus.exe |
|
| Details | File | 1 | %allusersprofile%\media-list\tbvrarthsa.zip |
|
| Details | File | 1 | %allusersprofile%\media-list\tbvrarthsa.exe |
|
| Details | File | 1 | c:\programdata\dacr\macrse.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | nhq_notice_file.xls |
|
| Details | File | 1 | tbvrarthsa.zip |
|
| Details | File | 1 | ulhtagnias.zip |
|
| Details | md5 | 1 | 5158C5C17862225A86C8A4F36F054AE2 |
|
| Details | md5 | 1 | D2C407C07CB5DC103CD112804455C0DE |
|
| Details | md5 | 1 | 76CA942050A9AA7E676A8D553AEB1F37 |
|
| Details | md5 | 1 | 08745568FE3BC42564A9FABD2A9D189F |
|
| Details | md5 | 1 | 03DCD4A7B5FC1BAEE75F9421DC8D876F |
|
| Details | md5 | 1 | 075A74BA1D3A5A693EE5E3DD931E1B56 |
|
| Details | md5 | 1 | 1CD5C260ED50F402646F88C1414ADB16 |
|
| Details | md5 | 1 | CAC1FFC1A967CD428859BB8BE2E73C22 |
|
| Details | md5 | 1 | E7B32B1145EC9E2D55FDB1113F7EEE87 |
|
| Details | md5 | 1 | F5375CBC0E6E8BF10E1B8012E943FED5 |
|
| Details | md5 | 1 | 4B733E7A78EBD2F7E5306F39704A86FD |